Business View – September 2021


CYBERSECURITY: WAYS TO PROTECT YOUR BUSINESS

by Chris Morton, MCG Solutions

During my tenure as a technology professional, I have attended countless training sessions, seminars and webinars on security. Statistics indicate 70 percent of companies that experience a major disruption do not recover.

Today, ransomware is a leading concern for many organizations. It is so much a concern that the President of the United States signed an executive order in May of this year for organizations to increase their security posture and develop mature response plans.

I have searched for a silver bullet solution and have not found one. In fact, most of my experience has found that there are three focuses for cybersecurity. A major misconception is that cybersecurity is an IT responsibility. A progressive organization is one where cybersecurity is every member’s responsibility.

Insurance

The first recommendation is to ensure your cyber-insurance riders are properly covering your business. Be sure your policy has the riders you need to cover your concerns such as a breach at your location, a breach at a third party impacting your business, cyber-terrorism or fraud. Remember, this is insurance and best if your mitigations limit your threat vectors and reduce your overall liability.

Backups

The second is backups, backups and backups. Every online seminar I have attended in the last few years indicates it is not if you are compromised, but when and the recovery options are based on your backup restore capabilities. The key is to be able to alert when an incident happens and respond quickly and restore your data/environment efficiently.

The once mighty perimeter firewall protecting the environment is no longer functional. The perimeter is no longer enough. Consumerization has given rise to users accessing corporate resources on desktops, laptops, tablets and smartphones that may be corporate or personal. Corporate assets are no longer only hosted behind the corporate firewall but are now hosted in Amazon, Azure, Google and other cloud services.

Layered Approach

The final item is not a single solution but a layered approach to protecting your assets (endpoint and data). Here are a few key layers we like to include:

▪ Zero trust/least privilege is first. If you do not have the appropriate permissions, you cannot compromise something, even inadvertently.

▪ Antivirus is still a big part, but now there are so many more options to add.

▪ Operating system and applications must be maintained with the latest security updates.

▪ Web/content filtering to protect users from actively or inadvertently accessing malicious websites.

▪ Email content filtering pre-screening email for unsolicited/junk email, viruses or phishing campaigns.

▪ Central security logs and auditing.

▪ Training for ALL users. There is plenty of free training available on the Cybersecurity and Infrastructure Security Agency’s website.

▪ Central authentication (single sign-on) with MFA (multi-factor authentication), ideally using username, password and biometrics.

▪ Corporate policies.

▪ Change management.

The idea is you put enough layers and alerts in place to let you know about something before it becomes a critical issue, allowing you to respond while maintaining business operations.

In closing, you can determine your personal level of liability by testing your credentials at haveibeenpwned.com.

ABOUT THE EXPERT

Chris Morton is vice president of MCG Business Solutions. Over the past 20 years, Morton has consulted with numerous customers from 5-user networks to the U.S. Department of Defense. He specializes in the use of information technology for strategic planning and implementation. To contact Morton, call 251.650.2231 or visit mcgnow.net.

